As I have mentioned before, we are currently producing an OpenSSL solution that uses our own cryptography library for ALL cryptographic functionality (instead of using libeay for those functions). We have elected to actually replace the underlying crypto functions in libeay with calls to our own library (at the EVP level wherever possible) instead of attempting to use the ENGINE interface. We are doing this for various reasons and I wanted to run them by you to see if our thinking is sound (or if we have missed something):
 
1 - It appears that Engine is meant to provide support for alternate solutions (primarily hardware), but will fall back to the libeay software solution if no other engines exist. We must use our library for all cryptography. It is not optional.
 
2 - Engine does not support cryptography that is not also supported through the standard software interface. Richard Levitte just started a thread on this topic (Disabling algorithms) which is really what got me thinking about this again. In any case, if we disable the current software solutions, it would appear that we also disable any ability to provide the solutions through the engine. See #1 to understand why this is not acceptable for us.
 
3 - Engine does not currently support all cryptographic functionality. Most notable would be symmetric ciphers, but we also need to use our library for RAND and other functions that may not be supported either.
 
4 - Engine is still in early development and may not be as stable as the standard code base.
 
5 - We have not been able to find much documentation about how to use the Engine interface.
 
This is probably not an exhaustive list, but is sufficient for making the decision that Engine is not an option for providing the solution we want at this time.
 
Am I incorrect in any of my assumptions or conclusions? Are there other considerations I have missed that would make the Engine more palatable for what we are doing?
 
Your time and consideration of these questions is greatly appreciated.
 
Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell Inc., the leading provider of Net Services Software
www.novell.com